What should we do with stolen bitcoins?

Thousands of bitcoins have been stolen from users since the virtual currency started, and yet we can see all of these thefts happen, in real time, on the block chain. We know which addresses the stolen coins are sent to, and which ones they are stolen from. We can track the life of a bitcoin through the network.

Why, then, can't we simply take those stolen coins out of commission?

A UK-based digital forensic services firm, Systech, has begun offering a recovery service for lost and stolen bitcoins. The service is twofold: firstly, it will use its traditional forensic data recovery techniques to salvage coins from damaged hard drives. Secondly, it has also announced a tracing service for stolen bitcoins, which it hopes will enable victims to find out who tries to exchange stolen coins for fiat currency.

Tracing stolen coins should, theoretically, be relatively easy on the bitcoin network. It is paradoxically one of the most private and transparent decentralized networks in existence.

On the one hand, you can register a bitcoin address instantly, at no cost, that has no links to your real-world identity. There's the privacy.

On the other hand, the transparency of the block chain means that everyone can see every activity conducted by any bitcoin address, including the amount of bitcoins that it holds, where they came from, and where they go when it sends them on somewhere else.

This has led to some controversial actions on the part of bitcoin exchanges in the past. In 2012, over 43,000 bitcoins were stolen from Zhou Tong’s Bitcoinica leveraged trading platform, which subsequently shut down.

Mt Gox then began freezing accounts containing bitcoins that could be traced to the theft, and demanding that account holders submit identification. This was before KYC rules demanded that account holders register proof of identity.

“What we do is carry out an analysis and parse the block chain for all transactions. We can then follow a transaction even when the coins are split up into multiple transactions and wallets, or aggregated into one wallet,” said Systech spokesperson Simon Lang.

Because exchanges are now subject to KYC and AML rules, it should be easier to obtain the identities of people trying to exchange bitcoins linked to a theft, Lang added.

There are challenges, though. The taint of a coin can help investigators to track the relationship between two addresses, making it harder for thieves to hide their stolen coins simply by sending them to lots of different addresses. However, the more an output is used in subsequent transactions, the more difficult it is to prove that it is stolen, say experts.

“The taint remains definitive while subsequent transactions disperse the funds, but it gets diluted if aggregated with coins from other sources,” said Tamás Blummer, founder and CEO of BitsOfProof, a company that sells commercial-grade bitcoin servers.

Jeff Garzik, a core developer of the Bitcoin protocol, said the ability to prove that a coin is stolen falls drastically after the first subsequent transaction.

“At its most basic level, the Bitcoin protocol destroys each coin when it is spent, and creates brand new coins for the recipient. Sending 1.0 BTC to me might involve destroying coin #1111 (0.5 BTC) and coin #1112 (0.5 BTC), and creating coin #6789 (1.0 BTC)."

So, a ‘coin’ may be made of several inputs, some of which might be stolen, and some of which might not. “Thus, beyond a single transaction, you cannot say that a coin is 100% stolen.”

Blummer points out another problem: a smart thief will try to cover their tracks using a laundry transaction, which obfuscates the inputs and outputs entirely. One way of doing this is via a mixing service.

These services receive bitcoins, and mix them with bitcoins from many other users, before resending the same amount back to the sender from the mixed pool of inputs. This obfuscates the inputs and outputs stemming from a theft, making it far more difficult to trace them.

It isn't always foolproof, however, said Lang:

“The liquidity of these sites is still so low that it is sometimes still possible to follow out.”

The question is, what should be done with stolen transactions that can be followed? You might think it's a no-brainer not just to identify stolen outputs, but also to stop them being spent altogether. In fact, we could go further, and simply build something into the bitcoin protocol that stops transactions being mined if they are based on outputs from stolen coins. After all, the transparency is built right into the system.

Not so fast, says Garzik. If the technological challenges above don’t make it difficult enough, the legal and economic considerations should dissuade us.

‘Victims’ may claim a theft, even if they have stolen their own bitcoins. Even if a victim can be proven honest, police reports from jurisdictions around the world must then be reviewed and authenticated and matched to bitcoin transactions, to try and find a perpetrator of a theft. Then, a community consensus would be needed to upgrade a transaction blacklist. And if the person running the blacklist got it wrong, they could be legally liable.

Garzik asserts:

“It is not the place of engineers to sort through police reports, and pronounce judgements on each transaction as good or evil.”

Any such pronouncements will be subjective, he says. “Businesses and exchanges receiving bitcoins are in the best position to know their customer, and make some sort of judgement about that.”

At least some payment processors, too, are wary of building mechanisms into the Bitcoin protocol to stop stolen coins from being spent. BitPay, Garzik’s employer and a processor of bitcoin payments, says that such a move would alter the certainty of transactions. Far better to build some sort of transaction reversibility into the layers atop the protocol rather than the protocol itself, the firm says.

The final concept is perhaps the most important: fungability – the idea that one unit of a currency should always be equivalent to another unit of the same currency.

“It is important that the value of one bitcoin is the same as the value of another bitcoin,” Garzik concludes, arguing that failing to preserve the fungability of coins would change bitcoin’s underlying economic principles. “Otherwise it becomes impossible for software and average users to figure out which bitcoins they should hold, and which they should avoid.”

So, yes, we can follow stolen coins – or parts of them, in subsequent transactions – through the network. But officially besmirching those coins based on fraudulent transactions in the chain is a bad idea, say experts.

While exchanges and merchants may be able to make some qualitative judgements about the validity of a transaction with a relation to stolen outputs, trying to codify this into the protocol itself is fraught with difficulties. For the time being at least, the Bitcoin protocol will treat all coins as equal – stolen or not.